August 25, 2003 1:07 PM PDT
Hackers cut off SCO Web site
SCO's Web site was largely out of commission until Monday morning, a representative of the Lindon, Utah-based Unix and Linux seller said Monday. Performance measurement statistics from Netcraft indicated that the site had been down since Friday night.
In a distributed denial-of-service (DDoS) attack, numerous computers simultaneously send so much data across a network that the targeted system slows to a crawl while trying to keep up with the traffic it's receiving. The SCO representative could not say where this weekend's strike originated.
However, unofficial open-source spokesman Eric Raymond suggested in a posting Sunday to open-source news Web site NewsForge that the attack was launched by someone angry at comments from SCO executives criticizing the open-source community's role in the legal battles over Linux.
SCO claims that IBM illegally inserted Unix code into its version of Linux and has sent letters to corporations, warning them that they may be violating copyright laws by using the Linux operating system.
Raymond, president of the Open Source Initiative advocacy group, urged the hacker, if a member of the open-source community, to stop the attack, because it could do more harm than good.
"We're the good guys. But that doesn't matter if we aren't *seen* to be the good guys," Raymond wrote in the Sunday posting. "We cannot fight our war using vandalism and trespass and the suppression of speech, or SCO will paint us as crackers and maybe win."
In the posting, Raymond also made a reference to a planned counterattack by members of the open-source community against SCO to demonstrate the weakness of its legal case, but did not go into detail, saying "the element of surprise is part of it."
IBM shot back against SCO earlier this month with its own countersuit. Linux distributor Red Hat, too, has filed a suit against the company in an effort to clear itself from claims of copyright infringement.
Amid the legal sparring, interactions between the open-source community and SCO have gotten worse.
Last week, SCO displayed examples of the IBM source code that it says infringes on its intellectual property. The reaction from the open-source community was skeptical; open-source developer and advocate Bruce Perens called the examples "bogus."
This weekend's attack follows a DDoS strike on the SCO Web site in May, in which an avalanche of data blocked access for several hours. Security experts on the Full Disclosure mailing list--a public forum for discussing software vulnerabilities--said last week that SCO's Web site appeared to be using older software that hadn't been patched with recent security updates.
Kevin Finisterre, a security consultant with Secure Network Operations Software, said the company has had a bad history of dealing with security flaws. In the past, he has notified SCO of several issues that never were patched, he said.
"They said they were going to take care of it," he said. "But as it stands today, it (SCO OpenServer) is still vulnerable."
CNET News.com's Robert Lemos contributed to this report.